RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-03-02 Thread Dennis E. Hamilton
+1 Yes, that is pretty clean, especially with regard to the tone.

-Original Message-
From: marcus [mailto:mar...@apache.org] 
Sent: Monday, March 2, 2015 14:10
To: dev@openoffice.apache.org
Cc: Jim Jagielski
Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"

Am 03/01/2015 01:31 PM, schrieb Andrea Pescetti:
> On 23/02/2015 Andrea Pescetti wrote:
>> This is the proposed new version of
>> http://www.openoffice.org/why/why_compliance.html
>
> I've put the page online. It incorporates the suggestions made in this
> thread. The only significant changes are in the "For Developers"
> section, that I copy/paste below for review (even if it is online, we
> can of course change it at any time).

thanks a lot for your text. I hope that this topic is now finsihed with 
this.

Marcus


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-03-02 Thread marcus

Am 03/01/2015 01:31 PM, schrieb Andrea Pescetti:

On 23/02/2015 Andrea Pescetti wrote:

This is the proposed new version of
http://www.openoffice.org/why/why_compliance.html


I've put the page online. It incorporates the suggestions made in this
thread. The only significant changes are in the "For Developers"
section, that I copy/paste below for review (even if it is online, we
can of course change it at any time).


thanks a lot for your text. I hope that this topic is now finsihed with 
this.


Marcus


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-03-01 Thread Andrea Pescetti

On 23/02/2015 Andrea Pescetti wrote:

This is the proposed new version of
http://www.openoffice.org/why/why_compliance.html


I've put the page online. It incorporates the suggestions made in this 
thread. The only significant changes are in the "For Developers" 
section, that I copy/paste below for review (even if it is online, we 
can of course change it at any time).


Following advice from Dennis, I would like to add a 2-3 lines paragraph 
on how using Apache Licensed code protects you from patent-related 
tricks, but I couldn't find a way to do it properly, so I haven't 
included it so far. Suggestions welcome.


  ---
##For Developers: Reduced Constraints on Derivative Products

The permissive nature of the Apache License means that developers and
companies distributing derivative products needn't worry about
combining their code with the OpenOffice code and releasing derivative
products under their license of choice.

The Apache License has no propagative (or "copyleft", or "viral")
effects, i.e., it does not influence the license of the derivative
product: if you base your product on source code distributed under the
Apache License you have no legal obligation of releasing the entire
source code tree to the users of the program. All that is required is an
attribution of the Apache Licensed source code.

The Apache License thus reduces the need for employee education, the
frequency of internal audits, the intensity of internal audits.
  ---

And obviously native English speakers are more than welcome to improve 
the text quality.


Regards,
  Andrea.

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-27 Thread jonathon
On 26/02/15 18:34, Dennis E. Hamilton wrote:

> The edge case is that happening where the settlement exceeds $10
million USD.
> We're not talking innocent violation of license terms here, we're
talking about willful violations, so I am in some ways unsympathetic.

I don't know what current settlements are.
Back when I paid attention to them US$10^8 could have been the penalty
for an innocent violation.
The company that had one computer, with one employee authorized to use
it, being nailed because they had 5,000 employes, and thus, by SBA
criteria, needed to have 5,000 licenses for everything. That 4,999
employees neither need, want, desire, or even can use a computer to
carry out their job, was utterly irrelevant to the SBA. That the
paperwork for that single computer, and all of the software on it, was
otherwise in full compliance, was equally irrelevant to the SBA.

I do know of a firm that bought their hardware, and software, in good
faith, from a fairly well known local dealer. Unfortunately for them,
nothing that the dealer sold them, was legitimate, as far as the SBA was
concerned. Not a US$10^8 penalty, but certainly an innocent error -- the
error being to rely on the material representation of the local dealer,
that their software was kosher.

Going by what was displayed on the startup screen of the Dell Laptop I
purchased new, the OEM installed version of Windows was not a legitimate
version of Windows 7. Would my use be innocent infringement?  After all,
I purchased it from the largest retailer of electronic goods in North
America. A company that claims quality, value, and service as its core
values.

jonathon



signature.asc
Description: OpenPGP digital signature


Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-26 Thread jan i
On Friday, February 27, 2015, Andrea Pescetti  wrote:

> On 25/02/2015 jonathon wrote:
>
>> On 23/02/15 17:10, Andrea Pescetti wrote:
>>
>>> I have to state it again: this is not the way I would have written the
>>> page; it is a version of the page that preserves all terms we had on
>>> that page. If we agree on another version I'm very happy.
>>>
>>
>> Is there a need/requirement to preserve all the terms on the page?
>>
>
> An argument that was made during other discussions on this topic was that
> the page had been designed to intercept web searches by people that did not
> even know about OpenOffice. Now, I can understand that people who search
> information about BSA audits will be relieved to discover OpenOffice and
> the fact that it poses no compliance problems. I doubt that mentions of the
> FSF and SFLC can be justified by the same reasons (the audience in that
> case is radically different) so I have nothing against rewriting this part
> avoiding to name specific entities and licenses (other than the ASF and
> Apache License, of course).

+1 let us get this behind us. Having the page can have a purpose, and the
way you suggest to rewrite it does no harm.



rgds
jan i

>
> Jim: I've CCed you now, but if you want to be kept updated please follow
> the conversation at http://markmail.org/message/j4benlcq5niden26
>
> Regards,
>   Andrea.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
>
>

-- 
Sent from My iPad, sorry for any misspellings.


Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-26 Thread Andrea Pescetti

On 25/02/2015 jonathon wrote:

On 23/02/15 17:10, Andrea Pescetti wrote:

I have to state it again: this is not the way I would have written the
page; it is a version of the page that preserves all terms we had on
that page. If we agree on another version I'm very happy.


Is there a need/requirement to preserve all the terms on the page?


An argument that was made during other discussions on this topic was 
that the page had been designed to intercept web searches by people that 
did not even know about OpenOffice. Now, I can understand that people 
who search information about BSA audits will be relieved to discover 
OpenOffice and the fact that it poses no compliance problems. I doubt 
that mentions of the FSF and SFLC can be justified by the same reasons 
(the audience in that case is radically different) so I have nothing 
against rewriting this part avoiding to name specific entities and 
licenses (other than the ASF and Apache License, of course).


Jim: I've CCed you now, but if you want to be kept updated please follow 
the conversation at http://markmail.org/message/j4benlcq5niden26


Regards,
  Andrea.

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-26 Thread Dennis E. Hamilton
Thanks for the analysis Jonathon,

 1. The edge case I was thinking of was being able to obtain a bounty of up to 
$1 million USD.  It is actually a formula based on the amount obtained in a 
settlement that is obtained *without* litigation.  The edge case is that 
happening where the settlement exceeds $10 million USD.  We're not talking 
innocent violation of license terms here, we're talking about willful 
violations, so I am in some ways unsympathetic.  (And I don't think anyone 
being so willful is interested in this web page, since if they were completely 
willing to abandon whatever pirated goodies they are clinging to I think it 
would have happened, considering the level of exposure.)

 2. There is an interesting situation with the FSF case, as I recall.  The FSF 
only has standing to litigate in those cases where they have obtained the 
equivalent of CLAs from contributors.  The achievement of the suit that I 
remember the most about was it having demonstrated that the GPL is indeed 
enforceable in courts.  It's true, of course, that it would be smarter to find 
permissively-licensed code to use instead, not only ALv2 as an alternative.  Of 
course that's why some FLOSS adherents consider permissive licenses to be 
corrupt.

 - Dennis

-Original Message-
From: jonathon [mailto:toki.kant...@gmail.com] 
Sent: Thursday, February 26, 2015 03:54
To: dev@openoffice.apache.org
Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"

[ ... ]

###

Addressing various issues mentioned in other emails.

> The page under discussion identifies some worst-case situations that
are not representative of what happens,

FWIW, as far as SBA compliance is concerned, it does not cover worst
case scenarios, but rather, average to _best_ case scenarios. (IOW, if
anything, it understates what happens, if the SBA targets your business.
 Also, contrary to SBA claims, they individuals are also targetted.)

As far as FSF compliance is concerned, their formal policy is to work
with organizations, and _not_ go to court. Even in court, they are
willing to settle at any point during the trial, up to, and including
seconds before the judge issues the official verdict.(IOW, if you are in
court for a GPL violation filed by FSF, it is either because your
attorney is incredibly incompetent, or you are incredibly stubborn.)

In both instances, there won't be much, if anything, in the court
records. The SBA takes, without going to court, and the FSF simply
insists on making changes in the organization's operations, so that it
fully complies with _all_ software licenses, not just the FLOSS licenses.

What one can find, is FSF and SBA press releases, that describe what
happens when they do find violations.

> I submit that a software producer could distribute binaries under
per-seat licenses that were based on software completely under a
permissive license and dispute violations of the terms under which those
binaries were made available to a customer.

Whether or not said producer gets anywhere legally, depends upon the
specific license of the binary:
* With GNU GPL 2.0, odds are the producer qua plaintiff, gets to pay
defendant's court costs;
* With BSD, odds are the defendant loses the lawsuit, because they did
violate the license;

There were a few firms that distributed OOo under a per seat license.
They all appear to be out of business.

There were, and are some firms that provide LibO & AOo support, on a per
seat basis. They appear to have an informal policy of allowing a
percentage of understatement of seats, whilst providing full support for
all seats.

[ ... ]



-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-26 Thread jonathon
On 23/02/15 15:55, Dennis E. Hamilton wrote:

>  so it is odd to have a revision in hand while we are still deliberating on 
> what direction to take.

The discussion popped up about three weeks ago, with Andrea volunteering
to rewrite the page, but saying he needed the weekend to do so. It took
him longer than a weekend to consider what, and how it could be changed,
to include what was on that page, but project The Apache Way.

>  1. The OpenOffice Mission

The specific page was a very subtle put-down of LibO, EO, NO, KOo, and
three or four other office suites that had their roots in StarOffice.

It does a raise a valid point, in that the different licenses do have
different criteria for compliance, and the resulting cost of compliance.

>  2. The Purpose of the Page

There were half a dozen or so CYA pages from when Sun and Oracle ran
OOo. (I've forgotten their names. I've seen at least one on the AOo site.)

This is one of those CYA pages, most useful when lawyers want to sue
someone, because their client didn't understand something, and wants
somebody else to pay for their self-inflicted damage.

I don't know if this specific page was a rewrite of a specific page from
when either Sun or Oracle ran OOo, or if it was written after The Apache
Foundation acquired OOo. Some of the wording implies that it was created
specifically for AOo. Some of the wording is in SUN's house style, when
dealing with "awkward" topics.

If the page does not mention other licenses, then it can be advocacy
page, explaining why Apache 2.0, and consequently AOo is an appropriate
choice for an organization to use.

> Apache OpenOffice is not a pure ALv2 release.
> *

Which is just one of the reasons why compliance costs are not going to
be zero, when using AOo.

###

Addressing various issues mentioned in other emails.

> The page under discussion identifies some worst-case situations that
are not representative of what happens,

FWIW, as far as SBA compliance is concerned, it does not cover worst
case scenarios, but rather, average to _best_ case scenarios. (IOW, if
anything, it understates what happens, if the SBA targets your business.
 Also, contrary to SBA claims, they individuals are also targetted.)

As far as FSF compliance is concerned, their formal policy is to work
with organizations, and _not_ go to court. Even in court, they are
willing to settle at any point during the trial, up to, and including
seconds before the judge issues the official verdict.(IOW, if you are in
court for a GPL violation filed by FSF, it is either because your
attorney is incredibly incompetent, or you are incredibly stubborn.)

In both instances, there won't be much, if anything, in the court
records. The SBA takes, without going to court, and the FSF simply
insists on making changes in the organization's operations, so that it
fully complies with _all_ software licenses, not just the FLOSS licenses.

What one can find, is FSF and SBA press releases, that describe what
happens when they do find violations.

> I submit that a software producer could distribute binaries under
per-seat licenses that were based on software completely under a
permissive license and dispute violations of the terms under which those
binaries were made available to a customer.

Whether or not said producer gets anywhere legally, depends upon the
specific license of the binary:
* With GNU GPL 2.0, odds are the producer qua plaintiff, gets to pay
defendant's court costs;
* With BSD, odds are the defendant loses the lawsuit, because they did
violate the license;

There were a few firms that distributed OOo under a per seat license.
They all appear to be out of business.

There were, and are some firms that provide LibO & AOo support, on a per
seat basis. They appear to have an informal policy of allowing a
percentage of understatement of seats, whilst providing full support for
all seats.

jonathon

  * English - detected
  * English

  * English

 



signature.asc
Description: OpenPGP digital signature


Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-24 Thread jonathon
On 23/02/15 17:10, Andrea Pescetti wrote:

> I have to state it again: this is not the way I would have written the
> page; it is a version of the page that preserves all terms we had on
> that page. If we agree on another version I'm very happy.

Is there a need/requirement to preserve all the terms on the page?

> I like this, possibly with some minor rewording 

I was throwing up what I saw as the important points of that
paragraphed, rephrased in a license neutral way.

>in order to keep the angle on compliance and compliance costs?

Even when everything in LICENSES is Apache 2.0, or PD, some compliance
and its associated costs will be required.

jonathon




signature.asc
Description: OpenPGP digital signature


RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-24 Thread Dennis E. Hamilton
I see there is some wordsmithing discussion going on concerning the draft from 
Andreas.  I confess that it is difficult for me to contribute to that 
considering that I find the entire activity one that requires a more global 
perspective.

Here are a few observations.  I am afraid I have nothing useful to contribute 
beyond this.

 1. THE ROLE OF THE ASF
Nowhere in this account is there any recognition of the part that the ASF 
has in what users of releases from Apache Projects can rely on with regard to 
the provenance of the code and the applicable license(s).  In particular, it is 
very important how the ASF operates in good faith in relying on declarations 
that contributors make about having the right to make their contributions.

 2. SBA AND FSF DISPUTES AND LITIGATION

The information about SBA activities, and FSF activities, is not supported 
by useful information about what specific disputes were and how settlements 
were obtained without litigation in most cases.  The page under discussion 
identifies some worst-case situations that are not representative of what 
happens, and does not indicate any specifics about when the reported disputes 
occurred and how someone could find details of them (including what the actual 
bounty offer is from SBA and where in the world all this applies).

I submit that a software producer could distribute binaries under per-seat 
licenses that were based on software completely under a permissive license and 
dispute violations of the terms under which those binaries were made available 
to a customer.  While that may be far-fetched, there is nothing about the 
licenses that makes it so.

 3. THE SMALL MATTER OF PATENTS AND TRADEMARKS

I already suggested that anyone who wants to make a derivative of the AOO 
release has to contend with all of the license that apply to that code (not 
just ALv2) and be satisfied concerning the safety of their so doing.  That is 
especially the case for a commercial actor having the kind of assets that would 
have them be vulnerable to a dispute over license conditions.

Nowhere is it mentioned about how patents are dealt with in ALv2 and that 
there still remains the fact that patents not held by contributors can still be 
infringed by the code or by the employment of the software in processes that 
constitute infringements of patents held by third parties.  Any commercial 
actor has to be attentive to this matter regardless of the form of open-source 
license that applies to the software itself.

We already know about trademarks and how that can be a factor in what 
someone can do with the derivative or a distribution that they produce.

I submit that commercial actors, especially, will arrange to understand what 
they need to do to ensure compliance in their activities, and such parties are 
not going to rely on that web page in such matters.

And just today there was a request on the users@ oo.a.o list asking for 
reassurance that redistribution of AOO within an organization was acceptable.

 - Dennis

-Original Message-
From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org] 
Sent: Monday, February 23, 2015 07:55
To: 'dev@openoffice.apache.org'
Cc: 'Jim Jagielski'
Subject: RE: [DISCUSS] Inappropriate "Compliance Costs"

Please note that I have also included Jim Jagielski in this reply, although he 
has reported that he does not follow dev@ here.  I suspect continuing to do 
this is an intrusion on him, yet providing a BCC or separate forward seems 
inappropriate as well.

  Jim has since asked to be copied on continuing discussion on this topic.


I have not seen a [Vote][Result] on the currently-open vote on what to do about 
this page, so it is odd to have a revision in hand while we are still 
deliberating on what direction to take.  That may be an e-mail glitch on my 
part.


   The vote result has now been announced and a majority of the ballots cast 
favored retention of the web page with modifications and clarifications.

[ ... ]


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-24 Thread marcus

Sounds good. Thanks for your work.

I don't know if the last 1-2 paragraphs are still not "Apache-friendly" 
enough. Maybe it's better to avoid to state explicitely the anmes (and 
abbreviations). Of course, here others can judge better. ;-)


Marcus



Am 02/23/2015 01:15 AM, schrieb Andrea Pescetti:

On 02/02/2015 Andrea Pescetti wrote:

I'll propose a rewrite


And here we are. It is not the way I would have written it, but it seems
a reasonable way to fulfill what I believe to be part of the OpenOffice
mission (whatever people think): educating users to basic concepts about
free, open source software and licenses.

This is the proposed new version of
http://www.openoffice.org/why/why_compliance.html
meant to will preserve SEO value and informative value, but (hopefully)
in a more neutral tone.

Wordings and minor mistakes can always be improved; what I'd like to
know is if this version can be OK in general. We won't necessarily end
with an agreement of course, but it still believe it's worth a try,
since we can't give up part of the de-facto OpenOffice mission.
---
[...]


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-24 Thread Jim Jagielski
Thx for the discussion and the work. It is greatly appreciated.

With that said, I still don't see the need or rationale for the
"##For Developers" section. Removing the last 2 paragraphs
would go a long way in keeping the narrative closer to the
kind of discussion and info that the ASF is known for.

PS: Please be sure to cc me on any follow-ups/replies

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-23 Thread Andrea Pescetti

jonathon wrote:

On 23/02/15 00:15, Andrea Pescetti wrote:

Copyleft licenses, namely the GNU GPL, are enforced through specific
actions by the Software Freedom Law Center (SFLC) and the Free Software
Foundation (FSF): an ascertained violation due to inclusion of copyleft
code in a proprietary product results in the obligation to make the
entire product source code available to the public. The Apache License
avoids this risk and the associated needs for more employee education
and more internal audits.

I'd suggest deleting that paragraph.
For starters, the SFLC & FSF are neither the only organizations to
distribute software under the GNU GPL, nor the only organizations to
file lawsuits based on GNU GPL violations.


I have to state it again: this is not the way I would have written the 
page; it is a version of the page that preserves all terms we had on 
that page. If we agree on another version I'm very happy.



Alternatively, rephrase it.
Software distributed under The Apache License can be included in
proprietary software, without the legal obligation of releasing the
entire source code tree, to the users of the program. All that is
required, is an attribution of the Apache Licensed source code.
The Apache License reduces:
* The need for employee education;
* The frequency of internal audits;
* The intensity of internal audits;


I like this, possibly with some minor rewording in order to keep the 
angle on compliance and compliance costs?


Regards,
  Andrea.

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-23 Thread Roberto Galoppini
2015-02-23 8:43 GMT+01:00 jan i :

> On 23 February 2015 at 03:41, jonathon  wrote:
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > On 23/02/15 00:15, Andrea Pescetti wrote:
> >
> > >
> > > Copyleft licenses, namely the GNU GPL, are enforced through specific
> > > actions by the Software Freedom Law Center (SFLC) and the Free Software
> > > Foundation (FSF): an ascertained violation due to inclusion of copyleft
> > > code in a proprietary product results in the obligation to make the
> > > entire product source code available to the public. The Apache License
> > > avoids this risk and the associated needs for more employee education
> > > and more internal audits.
> >
> >
> > I'd suggest deleting that paragraph.
> > For starters, the SFLC & FSF are neither the only organizations to
> > distribute software under the GNU GPL, nor the only organizations to
> > file lawsuits based on GNU GPL violations.
> >
> I second that.
>

+1


>
> I really like the rest of the documentation,


me too, thanks Andrea to have found the time to do that!



> but the last paragraph is not
> needed. We have no business telling how other licenses work.
>
>
> Alternatively, rephrase it.
> >
> > Software distributed under The Apache License can be included in
> > proprietary software, without the legal obligation of releasing the
> > entire source code tree, to the users of the program. All that is
> > required, is an attribution of the Apache Licensed source code.
> >
> > The Apache License reduces:
> > * The need for employee education;
> > * The frequency of internal audits;
> > * The intensity of internal audits;
> >
>
> That could also work, because it does not mention the other licenses.
>

Agree.

Roberto


>
> rgds
> jan i.
>
>
> >
> > jonathon
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v1
> >
> > iQIcBAEBAgAGBQJU6pNbAAoJEKG7hs8nSMR7E8kQAIklccMeKesrd+RaNhjbx4Pu
> > DPbEQM64aO6oWHQij7MEZZFONo9jd0PO9RSzh4puF+Kn3xmLMOkqgQJtUW+h9v5t
> > Sc+I/43gangig4UwH1Mt3kcpR8ZyG/A8H5osw1vDmT/zj5BlX8AhJ8qSXC4YuzXD
> > nyB7RrlRCZqpN3lI03/CibzP6KfN7Qd7aocdRT+p5AFO1T+4zvfmZATPz04YXHAZ
> > X59aFtJkIon0toraWfFPFdNRjZdpcI3jekCxPRmGOHFoCTumyNlgCIc6u8JjfsR+
> > 3XFxVnO2gsdAN10TBg498itC2BQ1ZIQO/9R2ZrRGwbioMbo9TNCroz205TxmvoPx
> > iMLfZU1YthbmrG1+KGFLSNMw5P7g5qPKVGrO+geNoLYXH9Ww4Mgl0uO/YGRVjDi/
> > n0hdUA61Rn4aEaalChmipMad8vitYZuZaiY/aR1RrcMJnmg5u3DCsrBNtTUnepYR
> > Mk17JhyG9bS83Qm5DaRi5QQif1+fNZQtVGlzlme4FIACriSggyFxySw6Dkk71VmM
> > C4e1+s6SnrBEyPWbvOZOdu/sHFOyg/XUzKgzX3y7bAW0vFlGPSdzXP6ldgWaX8nY
> > Kfj6i6B5j4qQuzLs40pY6sxTLFdxm6vttuHxuQXffC4R1SSygDlE4C8mjYPE8T6q
> > ZXZHAmpKcWXR14kYloo4
> > =MrUr
> > -END PGP SIGNATURE-
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> > For additional commands, e-mail: dev-h...@openoffice.apache.org
> >
> >
>


RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-23 Thread Dennis E. Hamilton
Please note that I have also included Jim Jagielski in this reply, although he 
has reported that he does not follow dev@ here.  I suspect continuing to do 
this is an intrusion on him, yet providing a BCC or separate forward seems 
inappropriate as well.

I have not seen a [Vote][Result] on the currently-open vote on what to do about 
this page, so it is odd to have a revision in hand while we are still 
deliberating on what direction to take.  That may be an e-mail glitch on my 
part.

I want to point out two things only.

 1. The OpenOffice Mission
I gather that many believe there is an OpenOffice mission to "educate users 
to basic concepts about free, open source software and licenses."
I don't believe there is consensus on that matter, although there are 
clearly many in this community that find it a great thing to be doing.
Either way, I would claim that this is not an appropriate mission for an 
Apache Project.  We need to distinguish our personal preferences from what our 
(especially the PMC) obligations are with respect to how the ASF expects 
projects to further *its* mission for contributing open-source software in the 
public interest.  I have said this before in one form and another and I will 
stop here other than to point out that we continue to resist advice from 
officials of the ASF that find the subject page objectionable.

 2. The Purpose of the Page
The page at issue is part of a section of the OpenOffice.org site named 
why/.
It is clearly an advocacy section from the days of Sun and Oracle custody.
The specific page has it appear that Apache OpenOffice can be cloaked in 
the flag of Apache License Version 2 goodness and rightness and it leaves 
adopters with pretty much complete permissive freedom for its binaries (nearly 
true) and its source code (not true at all).

Apache OpenOffice is not a pure ALv2 release.
*

And that is not just because the presence (or absence) of category B software 
in the binary distributions is not explained.

I fished out the NOTICE and LICENSE files from the current release as it is 
installed on Windows.  (It is not in the obvious place.  Look in the folder 
where the binaries are.)
The NOTICE file is 185 lines in 6,025 bytes of plaintext.
The LICENSE file is 4,174 lines in 212,394 bytes of plaintext.
There are multiple copyright notices and more than 25 license statements (not 
counting repetitions of the same ones).
While this might not matter to someone only using the binaries, it 
definitely matters to any commercial enterprise that considers mucking with a 
source release.

Finally, concerning the need to build a working binary without dependencies on 
category B, etc., I notice we are currently dealing with crashers that arise 
when a JRE is not available.

 - Dennis 



-Original Message-
From: Andrea Pescetti [mailto:pesce...@apache.org] 
Sent: Sunday, February 22, 2015 16:15
To: dev@openoffice.apache.org
Cc: Jim Jagielski
Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"

On 02/02/2015 Andrea Pescetti wrote:
> I'll propose a rewrite

And here we are. It is not the way I would have written it, but it seems 
a reasonable way to fulfill what I believe to be part of the OpenOffice 
mission (whatever people think): educating users to basic concepts about 
free, open source software and licenses.

This is the proposed new version of
http://www.openoffice.org/why/why_compliance.html
meant to will preserve SEO value and informative value, but (hopefully) 
in a more neutral tone.

[ ... ]


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-22 Thread jan i
On 23 February 2015 at 03:41, jonathon  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 23/02/15 00:15, Andrea Pescetti wrote:
>
> >
> > Copyleft licenses, namely the GNU GPL, are enforced through specific
> > actions by the Software Freedom Law Center (SFLC) and the Free Software
> > Foundation (FSF): an ascertained violation due to inclusion of copyleft
> > code in a proprietary product results in the obligation to make the
> > entire product source code available to the public. The Apache License
> > avoids this risk and the associated needs for more employee education
> > and more internal audits.
>
>
> I'd suggest deleting that paragraph.
> For starters, the SFLC & FSF are neither the only organizations to
> distribute software under the GNU GPL, nor the only organizations to
> file lawsuits based on GNU GPL violations.
>
I second that.

I really like the rest of the documentation, but the last paragraph is not
needed. We have no business telling how other licenses work.


Alternatively, rephrase it.
>
> Software distributed under The Apache License can be included in
> proprietary software, without the legal obligation of releasing the
> entire source code tree, to the users of the program. All that is
> required, is an attribution of the Apache Licensed source code.
>
> The Apache License reduces:
> * The need for employee education;
> * The frequency of internal audits;
> * The intensity of internal audits;
>

That could also work, because it does not mention the other licenses.

rgds
jan i.


>
> jonathon
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1
>
> iQIcBAEBAgAGBQJU6pNbAAoJEKG7hs8nSMR7E8kQAIklccMeKesrd+RaNhjbx4Pu
> DPbEQM64aO6oWHQij7MEZZFONo9jd0PO9RSzh4puF+Kn3xmLMOkqgQJtUW+h9v5t
> Sc+I/43gangig4UwH1Mt3kcpR8ZyG/A8H5osw1vDmT/zj5BlX8AhJ8qSXC4YuzXD
> nyB7RrlRCZqpN3lI03/CibzP6KfN7Qd7aocdRT+p5AFO1T+4zvfmZATPz04YXHAZ
> X59aFtJkIon0toraWfFPFdNRjZdpcI3jekCxPRmGOHFoCTumyNlgCIc6u8JjfsR+
> 3XFxVnO2gsdAN10TBg498itC2BQ1ZIQO/9R2ZrRGwbioMbo9TNCroz205TxmvoPx
> iMLfZU1YthbmrG1+KGFLSNMw5P7g5qPKVGrO+geNoLYXH9Ww4Mgl0uO/YGRVjDi/
> n0hdUA61Rn4aEaalChmipMad8vitYZuZaiY/aR1RrcMJnmg5u3DCsrBNtTUnepYR
> Mk17JhyG9bS83Qm5DaRi5QQif1+fNZQtVGlzlme4FIACriSggyFxySw6Dkk71VmM
> C4e1+s6SnrBEyPWbvOZOdu/sHFOyg/XUzKgzX3y7bAW0vFlGPSdzXP6ldgWaX8nY
> Kfj6i6B5j4qQuzLs40pY6sxTLFdxm6vttuHxuQXffC4R1SSygDlE4C8mjYPE8T6q
> ZXZHAmpKcWXR14kYloo4
> =MrUr
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
>
>


Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-22 Thread jonathon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 23/02/15 00:15, Andrea Pescetti wrote:

> 
> Copyleft licenses, namely the GNU GPL, are enforced through specific
> actions by the Software Freedom Law Center (SFLC) and the Free Software
> Foundation (FSF): an ascertained violation due to inclusion of copyleft
> code in a proprietary product results in the obligation to make the
> entire product source code available to the public. The Apache License
> avoids this risk and the associated needs for more employee education
> and more internal audits.


I'd suggest deleting that paragraph.
For starters, the SFLC & FSF are neither the only organizations to
distribute software under the GNU GPL, nor the only organizations to
file lawsuits based on GNU GPL violations.

Alternatively, rephrase it.

Software distributed under The Apache License can be included in
proprietary software, without the legal obligation of releasing the
entire source code tree, to the users of the program. All that is
required, is an attribution of the Apache Licensed source code.

The Apache License reduces:
* The need for employee education;
* The frequency of internal audits;
* The intensity of internal audits;

jonathon
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJU6pNbAAoJEKG7hs8nSMR7E8kQAIklccMeKesrd+RaNhjbx4Pu
DPbEQM64aO6oWHQij7MEZZFONo9jd0PO9RSzh4puF+Kn3xmLMOkqgQJtUW+h9v5t
Sc+I/43gangig4UwH1Mt3kcpR8ZyG/A8H5osw1vDmT/zj5BlX8AhJ8qSXC4YuzXD
nyB7RrlRCZqpN3lI03/CibzP6KfN7Qd7aocdRT+p5AFO1T+4zvfmZATPz04YXHAZ
X59aFtJkIon0toraWfFPFdNRjZdpcI3jekCxPRmGOHFoCTumyNlgCIc6u8JjfsR+
3XFxVnO2gsdAN10TBg498itC2BQ1ZIQO/9R2ZrRGwbioMbo9TNCroz205TxmvoPx
iMLfZU1YthbmrG1+KGFLSNMw5P7g5qPKVGrO+geNoLYXH9Ww4Mgl0uO/YGRVjDi/
n0hdUA61Rn4aEaalChmipMad8vitYZuZaiY/aR1RrcMJnmg5u3DCsrBNtTUnepYR
Mk17JhyG9bS83Qm5DaRi5QQif1+fNZQtVGlzlme4FIACriSggyFxySw6Dkk71VmM
C4e1+s6SnrBEyPWbvOZOdu/sHFOyg/XUzKgzX3y7bAW0vFlGPSdzXP6ldgWaX8nY
Kfj6i6B5j4qQuzLs40pY6sxTLFdxm6vttuHxuQXffC4R1SSygDlE4C8mjYPE8T6q
ZXZHAmpKcWXR14kYloo4
=MrUr
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-22 Thread Andrea Pescetti

On 02/02/2015 Andrea Pescetti wrote:

I'll propose a rewrite


And here we are. It is not the way I would have written it, but it seems 
a reasonable way to fulfill what I believe to be part of the OpenOffice 
mission (whatever people think): educating users to basic concepts about 
free, open source software and licenses.


This is the proposed new version of
http://www.openoffice.org/why/why_compliance.html
meant to will preserve SEO value and informative value, but (hopefully) 
in a more neutral tone.


Wordings and minor mistakes can always be improved; what I'd like to 
know is if this version can be OK in general. We won't necessarily end 
with an agreement of course, but it still believe it's worth a try, 
since we can't give up part of the de-facto OpenOffice mission.

  ---
##The Apache OpenOffice Compliance Advantages

As you probably already know, you don't own software in the same way
you own a chair or a desk.  Instead, you license the software from
the publisher; this gives you permission to use the software, but
only under terms specified by the license.

In the case of Apache OpenOffice, this license is the
[Apache Software License 2.0][1], a free and open source software
license. Like other open source licenses, the Apache License explicitly
allows you to copy and redistribute the covered product, without any
license fees or royalties.

The Apache License is a permissive license: companies and individual
developers who create derivative products of OpenOffice can do so
free of any constraints on the license to apply to the derivative
product they release.

This makes OpenOffice an excellent choice for users and developers who
want to avoid compliance woes and related risks and costs.

##For Users: Reduced Software License Compliance Costs

In the case of commercial software, the licensing terms typically say
how many users or PC's may access the software.  The terms might even
include a clause allowing the vendor to audit your usage of the
software.

In order to avoid the expense and penalties of an audit from the
Business Software Alliance (BSA), including those originated by
employees turning in their employer for software piracy, organizations
are increasingly adopting Software Asset Management (SAM) practices to
ensure that their use of commercial software complies with the
applicable licenses.  These practices generally include employee
education along with the purchase of software to track licenses and
software use within the organization.

The combined cost of these SAM practices is the "cost of compliance"
for using commercial proprietary software products.  It is an expense
that does not make your organization more productive.  It is purely risk
mitigation. Along with license, maintenance and training costs, it is
one of the expenses of using commercial software.

Open source software like Apache OpenOffice, instead, comes with a
license that explicitly permits free redistribution.  This reduces
the cost of compliance for many organizations, since tracking
application usage is not needed.

##For Developers: Reduced Constraints on Derivative Products

The permissive nature of the Apache License means that developers and
companies distributing derivative products needn't worry about
combining their code with the OpenOffice code and releasing derivative
products under their license of choice.

Unlike other open source licenses (the so-called "copyleft" licenses),
the Apache License has no viral effects, i.e., it does not influence
the license of the derivative product.

Copyleft licenses, namely the GNU GPL, are enforced through specific
actions by the Software Freedom Law Center (SFLC) and the Free Software
Foundation (FSF): an ascertained violation due to inclusion of copyleft
code in a proprietary product results in the obligation to make the
entire product source code available to the public. The Apache License
avoids this risk and the associated needs for more employee education
and more internal audits.

[1]: http://www.apache.org/licenses/LICENSE-2.0
  ---
Regards,
  Andrea.

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-03 Thread Dennis E. Hamilton
Thanks Michael, 

 -- Original Message --
From: RA Stehmann [mailto:anw...@rechtsanwalt-stehmann.de] 
Sent: Tuesday, February 3, 2015 07:07
To: dev@openoffice.apache.org
Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"

[ ... ]

All licenses with a copyleft, even with the weakest, force developers
into compliance (but never users). A developer has to find out in all
cases, whether he or she could satisfy the copyleft clause and - if
applicable - in what way she or he can do it.


  I think every open-source license has compliance conditions, even it if 
  is only the necessity of preserving notices and perhaps providing 
  attribution to the original source.

  Also, many releases, under any kind of license, may have dependencies
  and components under different licenses.

  So attention is always required.  And yes, then the developer must
  determine what is to be done about all of that.  And for a firm, 
  there is the need for legal advice.


A problem as well is, that there are too many free software licenses.

Nevertheless I'm a "fan boy" of a powerful copyleft. Freedom is
necessarily stressful.

Kind regards
Michael





-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-03 Thread RA Stehmann
On 02.02.2015 14:34, Simon Phipps wrote:

> 
> That sounds a good move, Andrea. However, one question that needs asking is
> why the AOO project (as opoosed to Apache in general) needs this page at
> all. Now that LibreOffice uses the Mozilla license (which is not known for
> compliance risks), which GPL-licensed suite is this page helping users
> avoid?
> 

All licenses with a copyleft, even with the weakest, force developers
into compliance (but never users). A developer has to find out in all
cases, whether he or she could satisfy the copyleft clause and - if
applicable - in what way she or he can do it.

A problem as well is, that there are too many free software licenses.

Nevertheless I'm a "fan boy" of a powerful copyleft. Freedom is
necessarily stressful.

Kind regards
Michael





signature.asc
Description: OpenPGP digital signature


Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-03 Thread Louis Suárez-Potts

> On 02-02-2015, at 22:41, Simon Phipps  wrote:
> 
> On 3 Feb 2015 03:29, "Louis Suárez-Potts"  wrote:
>> 
>> Simon,
>> 
>> This is OT.
> 
> What is? I am participating in a discussion of the page referred to
> legal-discuss by someone else. My last contribution was a
> question/suggestion in response to Andrea. As far as I can remember,
> nothing I have posted so far has been unrelated to that topic.
> 
> S.


Hold on… I  meant that my comment was OT, not yours.

louis



-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-03 Thread Roberto Galoppini
2015-02-02 14:34 GMT+01:00 Simon Phipps :

> On Mon, Feb 2, 2015 at 3:09 AM, Andrea Pescetti 
> wrote:
>
> > On 30/01/2015 Rob Weir wrote:
> >
> >> 1) Companies that use commercially licensed software are exposed to
> >> compliance risk that can be mitigated with time and expense.
> >> 2) Companies that use copyleft software are also exposed to compliance
> >> risk that can be mitigated with time and expense.
> >> 3)  There is a class of open source licenses that represent a middle
> >> path and avoid much of this risk.  The Apache License is one example.
> >> 4) Apache OpenOffice uses the Apache License, so if you are concerned
> >> with the cost of license compliance you might want to look further
> >> into using OpenOffice.
> >> I'd argue that this is a factual, relevant and appropriate thing for us
> >> to say.
> >>
> >
> > The page provides relevant information in a bad way (tone and wording of
> > the above list would be OK, for example). It is by keeping it as it is
> that
> > we play the game of haters. I'll propose a rewrite next weekend.
>
>
> That sounds a good move, Andrea. However, one question that needs asking is
> why the AOO project (as opoosed to Apache in general) needs this page at
> all. Now that LibreOffice uses the Mozilla license (which is not known for
> compliance risks), which GPL-licensed suite is this page helping users
> avoid?
>


I'd say OpenOffice.org itself.

Roberto



>
> S.
>


Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-02 Thread Simon Phipps
On 3 Feb 2015 03:29, "Louis Suárez-Potts"  wrote:
>
> Simon,
>
> This is OT.

What is? I am participating in a discussion of the page referred to
legal-discuss by someone else. My last contribution was a
question/suggestion in response to Andrea. As far as I can remember,
nothing I have posted so far has been unrelated to that topic.

S.


Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-02 Thread Louis Suárez-Potts
Simon,

This is OT.

> On 02-02-2015, at 12:39, Simon Phipps  wrote:
> 
> 
snip


> S.

Out of curiosity, why do you continue to support LibreOffice? After all, you 
visibly contribute to this project in at least a couple of areas. I haven’t 
checked, but I wouldn’t be surprised if you were also a member of the Apache 
Software Foundation. As you know, Apache OpenOffice is now, more than ever, 
driven by a community where no one entity imposes its will by dint of coding 
force or license or any other tactic. And as you surely also know, the 
continuing division between Apache OpenOffice and LO hardly seems to benefit 
the actual users of either, nor the legacy users of OOo. I can’t imagine that 
contributors to either project favour the continuation of the split.

Personally, I would like to end the division and collaborate where feasible. 

Best,

louis


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-02 Thread jonathon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/02/15 14:59, Rob Weir wrote:
> There is no mention of LO on this page, nor any suggestion of it.

A thing does not have to specifically mention the target for the
target to be understood.  Even if, as you allege, there is no such target.

jonathon
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJU0DCjAAoJEKG7hs8nSMR7JRkQAINqfVWPw4TacUnMp7m/e634
kFIsFVh4b5v9vO1YEBzzJ+KnMSjIEFJdG2+sggnaEUclfHaKV89TNnGnAkQhi92X
iIX4dzxIQ3xPyO+I0fvBG4KAaghsnY4P1S/qjGW6HfUHs11jtipVV7nJ6OKqxToF
x3MqAJVIqGr5ZxlZCvYGHlkeGIlbnXoh87AIVTOBfhlUFx6XbsasmK4fLwc9RjdR
4CbSqDb8ZL0F0sQSmVGf1e5pImm5jssdKJhedO1Vi4IE68zLxEbrrueBSL0/7zal
QjrgvVzLcDGXx4nyoqfIWTkukxU8hszhQBJlsbgBFXT3ocDuZkpcPcCi32bslsLS
6jImd+dQ1ly3YTWLwGDSoaGZuScIv9ozPSbXQOoevsyPX4O8cxZAFMuo0sh/n/II
MM5UfDOz6opogvRHbXWSt0Q3tGQ96soP95WgdU8YE+7qYC8kbym4Aaj3VIT4yIpk
pjvvEJhe4DwhqOjPTxowWU+UX+Dm7Pu4JnVtPKW9qMh/aVmnBrT1xep/BTZhp35h
53kUccHP/vzSSRnKEGbhcIFI6R7rbmwZc1Zoln80PmUL76fkbFJuHzCaqsOiN/iK
0kgPgSNF7OpW49MZFMUuylroySgGR4EkK2/vbrBCZsVoZl+h/GKNggi3SdjAdPMK
q0wPcarTKkvsInqck5YP
=K4s9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-02 Thread Simon Phipps
On Mon, Feb 2, 2015 at 3:59 PM, Rob Weir  wrote:

> On Mon, Feb 2, 2015 at 8:34 AM, Simon Phipps  wrote:
> > On Mon, Feb 2, 2015 at 3:09 AM, Andrea Pescetti 
> wrote:
> >
> >> The page provides relevant information in a bad way (tone and wording of
> >> the above list would be OK, for example). It is by keeping it as it is
> that
> >> we play the game of haters. I'll propose a rewrite next weekend.
> >
> >
> > That sounds a good move, Andrea. However, one question that needs asking
> is
> > why the AOO project (as opoosed to Apache in general) needs this page at
> > all. Now that LibreOffice uses the Mozilla license (which is not known
> for
> > compliance risks), which GPL-licensed suite is this page helping users
> > avoid?
> >
>
> There is no mention of LO on this page, nor any suggestion of it.
>

I did not say it did. I am a regular contributor to this project and my
comments are in that capacity, not as a representative of anyone else. My
question stands.

S.


Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-02 Thread Rob Weir
On Mon, Feb 2, 2015 at 8:34 AM, Simon Phipps  wrote:
> On Mon, Feb 2, 2015 at 3:09 AM, Andrea Pescetti  wrote:
>
>> On 30/01/2015 Rob Weir wrote:
>>
>>> 1) Companies that use commercially licensed software are exposed to
>>> compliance risk that can be mitigated with time and expense.
>>> 2) Companies that use copyleft software are also exposed to compliance
>>> risk that can be mitigated with time and expense.
>>> 3)  There is a class of open source licenses that represent a middle
>>> path and avoid much of this risk.  The Apache License is one example.
>>> 4) Apache OpenOffice uses the Apache License, so if you are concerned
>>> with the cost of license compliance you might want to look further
>>> into using OpenOffice.
>>> I'd argue that this is a factual, relevant and appropriate thing for us
>>> to say.
>>>
>>
>> The page provides relevant information in a bad way (tone and wording of
>> the above list would be OK, for example). It is by keeping it as it is that
>> we play the game of haters. I'll propose a rewrite next weekend.
>
>
> That sounds a good move, Andrea. However, one question that needs asking is
> why the AOO project (as opoosed to Apache in general) needs this page at
> all. Now that LibreOffice uses the Mozilla license (which is not known for
> compliance risks), which GPL-licensed suite is this page helping users
> avoid?
>

There is no mention of LO on this page, nor any suggestion of it.
Similarly the "why" page on ODF does not mention LO nor suggest LO
does not support ODF.   Not everything revolves around LO.IMHO, it
is sufficient to show the advantages of ALv2 for those who are
concerned about this risk.  The fact that such concerns exist is
shown, for example, by coverage in the New York Times about this risk,
  If LO wishes to show how the MPL addresses this risk they are
welcome to put a similar page on their own website.   In fact they
could use our version as a base, since it is available for anyone to
use under ALv2.

-Rob


> S.

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-02 Thread Simon Phipps
On Mon, Feb 2, 2015 at 3:09 AM, Andrea Pescetti  wrote:

> On 30/01/2015 Rob Weir wrote:
>
>> 1) Companies that use commercially licensed software are exposed to
>> compliance risk that can be mitigated with time and expense.
>> 2) Companies that use copyleft software are also exposed to compliance
>> risk that can be mitigated with time and expense.
>> 3)  There is a class of open source licenses that represent a middle
>> path and avoid much of this risk.  The Apache License is one example.
>> 4) Apache OpenOffice uses the Apache License, so if you are concerned
>> with the cost of license compliance you might want to look further
>> into using OpenOffice.
>> I'd argue that this is a factual, relevant and appropriate thing for us
>> to say.
>>
>
> The page provides relevant information in a bad way (tone and wording of
> the above list would be OK, for example). It is by keeping it as it is that
> we play the game of haters. I'll propose a rewrite next weekend.


That sounds a good move, Andrea. However, one question that needs asking is
why the AOO project (as opoosed to Apache in general) needs this page at
all. Now that LibreOffice uses the Mozilla license (which is not known for
compliance risks), which GPL-licensed suite is this page helping users
avoid?

S.


Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-02-01 Thread Andrea Pescetti

On 30/01/2015 Rob Weir wrote:

1) Companies that use commercially licensed software are exposed to
compliance risk that can be mitigated with time and expense.
2) Companies that use copyleft software are also exposed to compliance
risk that can be mitigated with time and expense.
3)  There is a class of open source licenses that represent a middle
path and avoid much of this risk.  The Apache License is one example.
4) Apache OpenOffice uses the Apache License, so if you are concerned
with the cost of license compliance you might want to look further
into using OpenOffice.
I'd argue that this is a factual, relevant and appropriate thing for us to say.


The page provides relevant information in a bad way (tone and wording of 
the above list would be OK, for example). It is by keeping it as it is 
that we play the game of haters. I'll propose a rewrite next weekend.


Regards,
  Andrea.

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-31 Thread Dennis E. Hamilton
I think the enumeration provided by Rob below is more grounded and conditional 
than the web page itself.  

For me, the page itself is simply propaganda, as appealing as it is for those 
with an ideological commitment to open-source development.  Whatever the facts 
it is based on, however true they are, it lacks reality and context and, by 
omission, exaggerates how much this impacts anyone.

For example, it suggests, absent context, that Linux is a bad proposition 
because of the GPL.  Likewise GNU Tools and the LAMP stack (not to mention 
issues for on-line services with some GPL3 variants).  That leaves what? 
FreeBSD, OpenBSD, and other software based on permissive licenses.

I don't think there are many here who are satisfied with that conclusion and 
those concerns, while happily running Debian/Ubuntu and other distributions as 
well as OpenSolaris, etc.

I can certainly understand why folks like Bradley Kuhn and those who have 
learned of his objections are dismayed over this.  Note that Kuhn presents the 
"Compliance Costs" openoffice.org page as being from "the Apache web site" and 
he uses it to suggest that the ASF has become copy-left hostile.  
Identification of the page with the ASF is a fact, too, if one looks at who 
hosts the site and owns the domain name.  It fits his agenda to point that out 
(and not point out that node.js is under a permissive license).  One can also 
see, then, how this situation elevated onto the legal-discuss list.

In any case, my attention is going to be on Apache OpenOffice as an affirmative 
offering of value, not contrast with suggested negatives.  AOO appeals to those 
who consider adoption of AOO in support of their personal and office 
productivity needs.  They and their organizations are supported by 
demonstrating how AOO can be relied upon as dependable and useful in their 
actual circumstances.  I think that is the most important way to establish that 
an open-source project has delivered something tangible and practical.
 
 - Dennis
 
-Original Message-
From: Rob Weir [mailto:r...@robweir.com] 
Sent: Friday, January 30, 2015 12:58
To: dev@openoffice.apache.org; 
Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"

On Fri, Jan 30, 2015 at 3:36 PM, Dennis E. Hamilton  wrote:
> Pedro and Jürgen,
>
> It is important to be concerned about false contrasts and comparisons.
>
> There is a risk, when we are essentially preaching to the choir, that we sink 
> into some sort of fundamentalist hyperbole as well.  It is satisfying, it is 
> credible to us, and it can be a mistake.  Facts are more nuanced than 
> portrayed.  It is also unnecessary for the voice of the project to be taken 
> there.  There are many places where such matters can be discussed without 
> embroiling the project.

The page boils down to saying the following:

1) Companies that use commercially licensed software are exposed to
compliance risk that can be mitigated with time and expense.

2) Companies that use copyleft software are also exposed to compliance
risk that can be mitigated with time and expense.

3)  There is a class of open source licenses that represent a middle
path and avoid much of this risk.  The Apache License is one example.

4) Apache OpenOffice uses the Apache License, so if you are concerned
with the cost of license compliance you might want to look further
into using OpenOffice.


I'd argue that this is a factual, relevant and appropriate thing for us to say.

Regards,

-Rob





>
> A company is certainly not going to learn about the risks of running pirated 
> software here first.  I don't want to get into fine points of how the BSA 
> operates.  Anyone can research the rewards for whistle-blowers on settlement 
> without lawsuits at 
> <https://reporting.bsa.org/r/report/usa/rewardsconditions.aspx>.  My main 
> point is that an AOO stance is insignificant and not informative to someone 
> for whom license management is a serious concern.  Also, the BSA does not 
> pursue individuals using software separate from and outside of their 
> employment.
>
> It is more important, to me, that there be clarity about what the AOO 
> licensing conditions are and how easy they are to satisfy at essentially no 
> cost.  Comparative cost-benefit is much larger than that single factor.  AOO 
> site and resources could be more helpful in determining how to migrate 
> successfully, though.  That's something where we have an opportunity to act 
> as a contribution to the public interest.
>
> The business about copy-left versus permissive licenses is evidently what 
> attracted the attention of the legal-discuss list here at the ASF.  I had not 
> known what the actual discussion was at 
> <http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201501.mbox/browser>.
>  The conclusion later in that thread l

Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Rob Weir
On Thu, Jan 29, 2015 at 1:19 PM, Dennis E. Hamilton  wrote:
> I didn't even know about this page, 
> , until I saw an update on 
> the Apache ooo-site SVN yesterday.  I glanced at it and didn't think much 
> about it.
>
> Today, Simon Phipps has pointed out how strange that page is.  I agree.  If 
> you stand back and look at the question from the perspective of someone 
> interested in adopting Apache OpenOffice in use, this page is not helpful.  
> Something, if anything, more straightforward and pertinent is called for, 
> based on what it is within our power to provide.  I am grateful to Simon for 
> pointing out how over-reaching this page is.
>

It is useful to those who have an interest and concern about license
compliance.   That's the point, to have a keyword-rich page that
places well in search results for those potential users who are
concerned specifically with compliance risk.
intended purpose.

Note:  This is how all the "why" pages are structured.  They are
single topic pages that delve into a specific reason why someone might
be interested in OpenOffice.  So even if they have no idea that
OpenOffice exists, they will find this page when they search for a
related concern, e.g., ODF, End of Life of Office 2003, free software
for new computers, and, yes, cost of compliance.

You, or anyone else might not care about cost of compliance, or for
that matter, End Of Life of Office 2003.  That's fine.   This page is
not intended for you.  The way to evaluate it is from the perspective
of someone who is researching this topic, the person for whom this is
a topic of interest.   This is an important SEO technique, to make it
possible for those who don't even know that OpenOffice exists, but who
have a problem that we solve, to find our website.


The fact that these are genuine, real-world concerns can be seen from
their coverage in the New York Times and in industry press:

http://www.nytimes.com/2010/09/26/business/26ping.html?_r=2&;

http://www.industryweek.com/software-amp-systems/cost-open-source-licensing-compliance


> The current page speaks to matters that are none of our business as an Apache 
> Project and it somehow raises a matter of specialized interest as if it 
> matters broadly to adopters of software of various kinds.  The footnote that 
> the ASF does not have such positions should have alerted me farther.
>

Similarly, the ASF does not have a position on public sector
procurement, upgrades to Office 2003 or what file format someone
should use.  On none of these questions does the ASF have an official
stance.  However, these are issues that are of interest to many, and
for which AOO has a good answer, so it is appropriate to have pages
that explain why someone with these concerns might prefer AOO.

Finally, note that we do not place these "why" pages prominently in
our blog or the front page of the website.   The main intent is to to
be found by someone searching for keywords related to these topics.
It is not intended as as trollbait for the FSF.

Regards,

-Rob

> I have only returned to the dev list for a few months, and I don't recall any 
> discussion about that page and the posture it presents in that period.
>
> SUGGESTION
>
>  1. Remove the page altogether.
>
>  2. Alternatively, perhaps make an affirmative page, if not already 
> adequately covered, about the safe use of the Apache OpenOffice binaries that 
> the project makes available.
>
> 2.1 That there is no requirement for licensing or registration, and that 
> there are no limitations on the redistribution or use of the binaries 
> (perhaps point to the Open Source Definition for more about that if anyone is 
> interested).  This is a question that comes up from time to time and it would 
> be good to have that answered (if not already -- I am not looking around, but 
> I will).  I suppose this could be why_adopt or why_use.  It should also be 
> respectful of the broad community of open-source contributions in this space. 
>  (I am making up why_mumble names just to give the idea of the orientation.)
>
> 2.2 Also point out that, as is the case for open-source software, the 
> source code is always available from the Project.  That source code is 
> available for modification, adaptation, and creating of anyone's own binary 
> distributions so long as the applicable open-source licenses are honored.  
> This should be simple and perhaps link to a why_develop page.
>
> 2.3 The conditions, if any, that might face developers of extensions of 
> various kinds to be used with the AOO binaries might also be mentioned, but 
> just mentioned, and addressed with why_develop and any deep-dive details from 
> there.
>
> This should all be done as an affirmation of how AOO is an open-source 
> project and what is provided by the project.  It is not ours to explain or 
> describe anecdotally or otherwise the circumstances that that can arise in 
> accord with different 

Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Marcus

Am 01/30/2015 01:32 PM, schrieb Jürgen Schmidt:

On 29/01/15 19:19, Dennis E. Hamilton wrote:

I didn't even know about this 
page,, until I saw an update 
on the Apache ooo-site SVN yesterday.  I glanced at it and didn't think much about it.

Today, Simon Phipps has pointed out how strange that page is.  I agree.  If you 
stand back and look at the question from the perspective of someone interested 
in adopting Apache OpenOffice in use, this page is not helpful.  Something, if 
anything, more straightforward and pertinent is called for, based on what it is 
within our power to provide.  I am grateful to Simon for pointing out how 
over-reaching this page is.

The current page speaks to matters that are none of our business as an Apache 
Project and it somehow raises a matter of specialized interest as if it matters 
broadly to adopters of software of various kinds.  The footnote that the ASF 
does not have such positions should have alerted me farther.

I have only returned to the dev list for a few months, and I don't recall any 
discussion about that page and the posture it presents in that period.



I still don't see the problem with this page and I think it gives some
interesting information for people who are not so familiar with open
source software and the different open source licenses.

It can be seen as background information.

In the context of the "why" page it is dos no harm and just provides
some more information that I find interesting, informative and worse
reading.

If we remove or change this page I believe that simply play the gm of
other people and do what they want. I can imagine that some some people
don't like it but this doesn't change the facts that are listed here.

We have much more important things to do in the project than this and I
hope we can and will concentrate on these important things.


+1

AFAIK only one person has mentioned this and only indirectly by useing 
some words as quote. Since when is this webpage online? SVN tells us Dev 
2012. But I haven't looked since when which text parts are online. Now 
we have one feedback of just a little part of the webpage.


It's just another try to go for a fight of license variantes.

Keep the text as it is, remove typos or adjust the wording if someone 
get offended personally. But I don't see the need to change the text 
because someone don't like it. Or remove the webpage entirely which 
would in IMHO b*shit.


My 2 ct.

Marcus




SUGGESTION

  1. Remove the page altogether.

  2. Alternatively, perhaps make an affirmative page, if not already adequately 
covered, about the safe use of the Apache OpenOffice binaries that the project 
makes available.

 2.1 That there is no requirement for licensing or registration, and that 
there are no limitations on the redistribution or use of the binaries (perhaps 
point to the Open Source Definition for more about that if anyone is 
interested).  This is a question that comes up from time to time and it would 
be good to have that answered (if not already -- I am not looking around, but I 
will).  I suppose this could be why_adopt or why_use.  It should also be 
respectful of the broad community of open-source contributions in this space.  
(I am making up why_mumble names just to give the idea of the orientation.)

 2.2 Also point out that, as is the case for open-source software, the 
source code is always available from the Project.  That source code is 
available for modification, adaptation, and creating of anyone's own binary 
distributions so long as the applicable open-source licenses are honored.  This 
should be simple and perhaps link to a why_develop page.

 2.3 The conditions, if any, that might face developers of extensions of 
various kinds to be used with the AOO binaries might also be mentioned, but 
just mentioned, and addressed with why_develop and any deep-dive details from 
there.

This should all be done as an affirmation of how AOO is an open-source project 
and what is provided by the project.  It is not ours to explain or describe 
anecdotally or otherwise the circumstances that that can arise in accord with 
different licensing models.

Otherwise, wouldn't we owe it to our users to explain that we provide no 
indemnification for patent violations that can arise by use of AOO-provided 
binaries (or source) in a manner where essential claims of some patent are 
infringed, and they also need to read the Disclaimer in the License?

  -- Dennis E. Hamilton
 orc...@apache.org
 dennis.hamil...@acm.org+1-206-779-9430
 https://keybase.io/orcmid  PGP F96E 89FF D456 628A
 X.509 certs used and requested for signed e-mail

PS: I had occasion to say elsewhere that users should not be addressed in order 
to co-opt them as cannon fodder in someone else's war.  That is usually not 
helpful, especially considering where most of our users are operating.  For me, 
we show the value to users of 

Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Marcus

Am 01/30/2015 01:32 PM, schrieb Jürgen Schmidt:

On 29/01/15 19:19, Dennis E. Hamilton wrote:

I didn't even know about this 
page,, until I saw an update 
on the Apache ooo-site SVN yesterday.  I glanced at it and didn't think much about it.

Today, Simon Phipps has pointed out how strange that page is.  I agree.  If you 
stand back and look at the question from the perspective of someone interested 
in adopting Apache OpenOffice in use, this page is not helpful.  Something, if 
anything, more straightforward and pertinent is called for, based on what it is 
within our power to provide.  I am grateful to Simon for pointing out how 
over-reaching this page is.

The current page speaks to matters that are none of our business as an Apache 
Project and it somehow raises a matter of specialized interest as if it matters 
broadly to adopters of software of various kinds.  The footnote that the ASF 
does not have such positions should have alerted me farther.

I have only returned to the dev list for a few months, and I don't recall any 
discussion about that page and the posture it presents in that period.



I still don't see the problem with this page and I think it gives some
interesting information for people who are not so familiar with open
source software and the different open source licenses.

It can be seen as background information.

In the context of the "why" page it is dos no harm and just provides
some more information that I find interesting, informative and worse
reading.

If we remove or change this page I believe that simply play the gm of
other people and do what they want. I can imagine that some some people
don't like it but this doesn't change the facts that are listed here.

We have much more important things to do in the project than this and I
hope we can and will concentrate on these important things.


+1

AFAIK only one person has mentioned this and only indirectly by useing 
some words as quote. Since when is this webpage online? SVN tells us Dev 
2012. But I haven't looked since when which text parts are online. Now 
we have one feedback of just a little part of the webpage.


It's just another try to go for a fight of license variantes.

Keep the text as it is, remove typos or adjust the wording if someone 
get offended personally. But I don't see the need to change the text 
because someone don't like it. Or remove the webpage entirely which 
would in IMHO b*shit.


My 2 ct.

Marcus




SUGGESTION

  1. Remove the page altogether.

  2. Alternatively, perhaps make an affirmative page, if not already adequately 
covered, about the safe use of the Apache OpenOffice binaries that the project 
makes available.

 2.1 That there is no requirement for licensing or registration, and that 
there are no limitations on the redistribution or use of the binaries (perhaps 
point to the Open Source Definition for more about that if anyone is 
interested).  This is a question that comes up from time to time and it would 
be good to have that answered (if not already -- I am not looking around, but I 
will).  I suppose this could be why_adopt or why_use.  It should also be 
respectful of the broad community of open-source contributions in this space.  
(I am making up why_mumble names just to give the idea of the orientation.)

 2.2 Also point out that, as is the case for open-source software, the 
source code is always available from the Project.  That source code is 
available for modification, adaptation, and creating of anyone's own binary 
distributions so long as the applicable open-source licenses are honored.  This 
should be simple and perhaps link to a why_develop page.

 2.3 The conditions, if any, that might face developers of extensions of 
various kinds to be used with the AOO binaries might also be mentioned, but 
just mentioned, and addressed with why_develop and any deep-dive details from 
there.

This should all be done as an affirmation of how AOO is an open-source project 
and what is provided by the project.  It is not ours to explain or describe 
anecdotally or otherwise the circumstances that that can arise in accord with 
different licensing models.

Otherwise, wouldn't we owe it to our users to explain that we provide no 
indemnification for patent violations that can arise by use of AOO-provided 
binaries (or source) in a manner where essential claims of some patent are 
infringed, and they also need to read the Disclaimer in the License?

  -- Dennis E. Hamilton
 orc...@apache.org
 dennis.hamil...@acm.org+1-206-779-9430
 https://keybase.io/orcmid  PGP F96E 89FF D456 628A
 X.509 certs used and requested for signed e-mail

PS: I had occasion to say elsewhere that users should not be addressed in order 
to co-opt them as cannon fodder in someone else's war.  That is usually not 
helpful, especially considering where most of our users are operating.  For me, 
we show the value to users of 

Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Rob Weir
On Fri, Jan 30, 2015 at 3:36 PM, Dennis E. Hamilton  wrote:
> Pedro and Jürgen,
>
> It is important to be concerned about false contrasts and comparisons.
>
> There is a risk, when we are essentially preaching to the choir, that we sink 
> into some sort of fundamentalist hyperbole as well.  It is satisfying, it is 
> credible to us, and it can be a mistake.  Facts are more nuanced than 
> portrayed.  It is also unnecessary for the voice of the project to be taken 
> there.  There are many places where such matters can be discussed without 
> embroiling the project.

The page boils down to saying the following:

1) Companies that use commercially licensed software are exposed to
compliance risk that can be mitigated with time and expense.

2) Companies that use copyleft software are also exposed to compliance
risk that can be mitigated with time and expense.

3)  There is a class of open source licenses that represent a middle
path and avoid much of this risk.  The Apache License is one example.

4) Apache OpenOffice uses the Apache License, so if you are concerned
with the cost of license compliance you might want to look further
into using OpenOffice.


I'd argue that this is a factual, relevant and appropriate thing for us to say.

Regards,

-Rob





>
> A company is certainly not going to learn about the risks of running pirated 
> software here first.  I don't want to get into fine points of how the BSA 
> operates.  Anyone can research the rewards for whistle-blowers on settlement 
> without lawsuits at 
> <https://reporting.bsa.org/r/report/usa/rewardsconditions.aspx>.  My main 
> point is that an AOO stance is insignificant and not informative to someone 
> for whom license management is a serious concern.  Also, the BSA does not 
> pursue individuals using software separate from and outside of their 
> employment.
>
> It is more important, to me, that there be clarity about what the AOO 
> licensing conditions are and how easy they are to satisfy at essentially no 
> cost.  Comparative cost-benefit is much larger than that single factor.  AOO 
> site and resources could be more helpful in determining how to migrate 
> successfully, though.  That's something where we have an opportunity to act 
> as a contribution to the public interest.
>
> The business about copy-left versus permissive licenses is evidently what 
> attracted the attention of the legal-discuss list here at the ASF.  I had not 
> known what the actual discussion was at 
> <http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201501.mbox/browser>.
>  The conclusion later in that thread led to the footnote on the current 
> version of the page at <http://www.openoffice.org/why/why_compliance.html>.  
> (Another list I need to re-subscribe to.)  A still unanswered question from 
> the list is about whose voice this statement is made in.  The footnote says 
> it is not the voice of the ASF.
>
> It is a matter of firm policy that the ASF does not have anything to say 
> about other (open-source) licenses except with regard to how they are 
> honored, where accepted, in ASF Apache Projects.  The only ASF compliance 
> concern is with the Apache License version 2.0 and the ASF conditions on how 
> the releases and distributions produced by Apache projects honor all 
> governing licenses.  That is more appropriately presented in material 
> addressed to ASF Project developers and potential contributors.  The only 
> advice to adapters of software from ASF Projects is that it is important to 
> observe the licenses that apply.  And that interested parties should look 
> elsewhere for legal advice and assurances.
>
>  - Dennis
>
> PS: Other circumstances had me learn, recently, that the reason the Chair of 
> the PMC is an Officer of the Foundation is for important legal purposes with 
> regard to the nature of the Foundation and the umbrella it creates for 
> projects under its auspices.  Some of the legal considerations and their 
> honoring are viewed as extending to the PMC as well and the Chair is 
> accountable to the Foundation for that.  The PMC, in addition to its 
> attention on the direction of the project is also governed by some legal 
> requirements.  I know that's pretty abstract, it is for me too.  I expect 
> that Chairs get on-the-job training in such matters.  I surmise that the 
> charge to operate in the public interest and within the parameters the 
> Foundation has defined for fulfilling on that is paramount.
>
>
> -Original Message-
> From: Pedro Giffuni [mailto:p...@apache.org]
> Sent: Friday, January 30, 2015 09:03
> To: OOo Apache
> Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"
>
> [ ... ]
>
> I actually don't care ab

Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Rob Weir
On Fri, Jan 30, 2015 at 7:32 AM, Jürgen Schmidt  wrote:
> On 29/01/15 19:19, Dennis E. Hamilton wrote:
>> I didn't even know about this page, 
>> , until I saw an update 
>> on the Apache ooo-site SVN yesterday.  I glanced at it and didn't think much 
>> about it.
>>
>> Today, Simon Phipps has pointed out how strange that page is.  I agree.  If 
>> you stand back and look at the question from the perspective of someone 
>> interested in adopting Apache OpenOffice in use, this page is not helpful.  
>> Something, if anything, more straightforward and pertinent is called for, 
>> based on what it is within our power to provide.  I am grateful to Simon for 
>> pointing out how over-reaching this page is.
>>
>> The current page speaks to matters that are none of our business as an 
>> Apache Project and it somehow raises a matter of specialized interest as if 
>> it matters broadly to adopters of software of various kinds.  The footnote 
>> that the ASF does not have such positions should have alerted me farther.
>>
>> I have only returned to the dev list for a few months, and I don't recall 
>> any discussion about that page and the posture it presents in that period.
>>
>
> I still don't see the problem with this page and I think it gives some
> interesting information for people who are not so familiar with open
> source software and the different open source licenses.
>
> It can be seen as background information.
>
> In the context of the "why" page it is dos no harm and just provides
> some more information that I find interesting, informative and worse
> reading.
>


IMHO it should not be considered unusual for an Apache project to have
a page that explains why it thinks that the license that is mandatory
for all Apache releases has some specific benefits over the licenses
that are forbidden in all Apache releases.   It would be odd if we
could not make that argument.

Regards,

-Rob


> If we remove or change this page I believe that simply play the gm of
> other people and do what they want. I can imagine that some some people
> don't like it but this doesn't change the facts that are listed here.
>
> We have much more important things to do in the project than this and I
> hope we can and will concentrate on these important things.
>
> Juergen
>
>
>> SUGGESTION
>>
>>  1. Remove the page altogether.
>>
>>  2. Alternatively, perhaps make an affirmative page, if not already 
>> adequately covered, about the safe use of the Apache OpenOffice binaries 
>> that the project makes available.
>>
>> 2.1 That there is no requirement for licensing or registration, and that 
>> there are no limitations on the redistribution or use of the binaries 
>> (perhaps point to the Open Source Definition for more about that if anyone 
>> is interested).  This is a question that comes up from time to time and it 
>> would be good to have that answered (if not already -- I am not looking 
>> around, but I will).  I suppose this could be why_adopt or why_use.  It 
>> should also be respectful of the broad community of open-source 
>> contributions in this space.  (I am making up why_mumble names just to give 
>> the idea of the orientation.)
>>
>> 2.2 Also point out that, as is the case for open-source software, the 
>> source code is always available from the Project.  That source code is 
>> available for modification, adaptation, and creating of anyone's own binary 
>> distributions so long as the applicable open-source licenses are honored.  
>> This should be simple and perhaps link to a why_develop page.
>>
>> 2.3 The conditions, if any, that might face developers of extensions of 
>> various kinds to be used with the AOO binaries might also be mentioned, but 
>> just mentioned, and addressed with why_develop and any deep-dive details 
>> from there.
>>
>> This should all be done as an affirmation of how AOO is an open-source 
>> project and what is provided by the project.  It is not ours to explain or 
>> describe anecdotally or otherwise the circumstances that that can arise in 
>> accord with different licensing models.
>>
>> Otherwise, wouldn't we owe it to our users to explain that we provide no 
>> indemnification for patent violations that can arise by use of AOO-provided 
>> binaries (or source) in a manner where essential claims of some patent are 
>> infringed, and they also need to read the Disclaimer in the License?
>>
>>  -- Dennis E. Hamilton
>> orc...@apache.org
>> dennis.hamil...@acm.org+1-206-779-9430
>> https://keybase.io/orcmid  PGP F96E 89FF D456 628A
>> X.509 certs used and requested for signed e-mail
>>
>> PS: I had occasion to say elsewhere that users should not be addressed in 
>> order to co-opt them as cannon fodder in someone else's war.  That is 
>> usually not helpful, especially considering where most of our users are 
>> operating.  For me, we show the value to users of relying on Apache 
>> OpenOffice by de

Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Dave Fisher
Hi Dennis,

On Jan 30, 2015, at 12:36 PM, Dennis E. Hamilton wrote:

> Pedro and Jürgen,
> 
> It is important to be concerned about false contrasts and comparisons.
> 
> There is a risk, when we are essentially preaching to the choir, that we sink 
> into some sort of fundamentalist hyperbole as well.  It is satisfying, it is 
> credible to us, and it can be a mistake.  Facts are more nuanced than 
> portrayed.  It is also unnecessary for the voice of the project to be taken 
> there.  There are many places where such matters can be discussed without 
> embroiling the project. 
> 
> A company is certainly not going to learn about the risks of running pirated 
> software here first.  I don't want to get into fine points of how the BSA 
> operates.  Anyone can research the rewards for whistle-blowers on settlement 
> without lawsuits at 
> <https://reporting.bsa.org/r/report/usa/rewardsconditions.aspx>.  My main 
> point is that an AOO stance is insignificant and not informative to someone 
> for whom license management is a serious concern.  Also, the BSA does not 
> pursue individuals using software separate from and outside of their 
> employment.  
> 
> It is more important, to me, that there be clarity about what the AOO 
> licensing conditions are and how easy they are to satisfy at essentially no 
> cost.  Comparative cost-benefit is much larger than that single factor.  AOO 
> site and resources could be more helpful in determining how to migrate 
> successfully, though.  That's something where we have an opportunity to act 
> as a contribution to the public interest.
> 
> The business about copy-left versus permissive licenses is evidently what 
> attracted the attention of the legal-discuss list here at the ASF.  I had not 
> known what the actual discussion was at 
> <http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201501.mbox/browser>.
>  The conclusion later in that thread led to the footnote on the current 
> version of the page at <http://www.openoffice.org/why/why_compliance.html>.  
> (Another list I need to re-subscribe to.)  A still unanswered question from 
> the list is about whose voice this statement is made in.  The footnote says 
> it is not the voice of the ASF.

You will find some more discussion on private@oo.a.o where you may be 
resubscribed to soon.

> 
> It is a matter of firm policy that the ASF does not have anything to say 
> about other (open-source) licenses except with regard to how they are 
> honored, where accepted, in ASF Apache Projects.  The only ASF compliance 
> concern is with the Apache License version 2.0 and the ASF conditions on how 
> the releases and distributions produced by Apache projects honor all 
> governing licenses.  That is more appropriately presented in material 
> addressed to ASF Project developers and potential contributors.  The only 
> advice to adapters of software from ASF Projects is that it is important to 
> observe the licenses that apply.  And that interested parties should look 
> elsewhere for legal advice and assurances.

Exactly - so what the project writes here is NOT ASF policy unless we want to 
be more general and find a way to have it be an opinion of many.

> 
> - Dennis
> 
> PS: Other circumstances had me learn, recently, that the reason the Chair of 
> the PMC is an Officer of the Foundation is for important legal purposes with 
> regard to the nature of the Foundation and the umbrella it creates for 
> projects under its auspices.  Some of the legal considerations and their 
> honoring are viewed as extending to the PMC as well and the Chair is 
> accountable to the Foundation for that.  The PMC, in addition to its 
> attention on the direction of the project is also governed by some legal 
> requirements.  I know that's pretty abstract, it is for me too.  I expect 
> that Chairs get on-the-job training in such matters.  I surmise that the 
> charge to operate in the public interest and within the parameters the 
> Foundation has defined for fulfilling on that is paramount.

The board will lean in as needed, but better to go the other way and seek 
clarity.

I am taking it as a sign of this project's maturity within Apache that this is 
a quiet discussion. Let's keep it to the frequency of one reply per person per 
day.

If anyone wishes to propose other language for these pages then we should 
discuss it - slowly and carefully. I agree with Jürgen that we should be 
playing our game. The game is an Apache OpenOffice and an ASF game. It is 
neither an OpenOffice.org nor is it a TDF game.

Personally I am at Apache for the permissive license, others have their 
reasons. That they are here is enough for me.

Regards,
Dave

> 
> 
> -Original Message-
> From: Pedr

Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Kay Schenk


On 01/29/2015 10:19 AM, Dennis E. Hamilton wrote:
> I didn't even know about this page,
> , until I saw an
> update on the Apache ooo-site SVN yesterday.  I glanced at it and
> didn't think much about it.
> 
> Today, Simon Phipps has pointed out how strange that page is.  I
> agree.  If you stand back and look at the question from the
> perspective of someone interested in adopting Apache OpenOffice in
> use, this page is not helpful.  Something, if anything, more
> straightforward and pertinent is called for, based on what it is
> within our power to provide.  I am grateful to Simon for pointing out
> how over-reaching this page is.
> 
> The current page speaks to matters that are none of our business as
> an Apache Project and it somehow raises a matter of specialized
> interest as if it matters broadly to adopters of software of various
> kinds.  The footnote that the ASF does not have such positions should
> have alerted me farther.
> 
> I have only returned to the dev list for a few months, and I don't
> recall any discussion about that page and the posture it presents in
> that period.

It does seem that this page would be applicable to ALL of the ASF, so in
that sense it is not specific to OpenOffice, but I don't see it as harmful.

IMO, there are some parts of the first section that could be removed
without damaging the flow into the second section. And maybe a bit of
rewording to the second section. But on balance, I think it does serve a
useful purpose, whether it directly pertains to OpenOffice or not.

> 
> SUGGESTION
> 
> 1. Remove the page altogether.
> 
> 2. Alternatively, perhaps make an affirmative page, if not already
> adequately covered, about the safe use of the Apache OpenOffice
> binaries that the project makes available.
> 
> 2.1 That there is no requirement for licensing or registration, and
> that there are no limitations on the redistribution or use of the
> binaries (perhaps point to the Open Source Definition for more about
> that if anyone is interested).  This is a question that comes up from
> time to time and it would be good to have that answered (if not
> already -- I am not looking around, but I will).  I suppose this
> could be why_adopt or why_use.  It should also be respectful of the
> broad community of open-source contributions in this space.  (I am
> making up why_mumble names just to give the idea of the
> orientation.)

This is covered in our distribution
page...http://www.openoffice.org/distribution/

Should that be linked from the page in question.

> 
> 2.2 Also point out that, as is the case for open-source software, the
> source code is always available from the Project.  That source code
> is available for modification, adaptation, and creating of anyone's
> own binary distributions so long as the applicable open-source
> licenses are honored.  This should be simple and perhaps link to a
> why_develop page.
> 
> 2.3 The conditions, if any, that might face developers of extensions
> of various kinds to be used with the AOO binaries might also be
> mentioned, but just mentioned, and addressed with why_develop and any
> deep-dive details from there.
> 
> This should all be done as an affirmation of how AOO is an
> open-source project and what is provided by the project.  It is not
> ours to explain or describe anecdotally or otherwise the
> circumstances that that can arise in accord with different licensing
> models.

Well, OK, maybe we need a better "umbrellla" page to cover some of these
concerns in some way.

> 
> Otherwise, wouldn't we owe it to our users to explain that we provide
> no indemnification for patent violations that can arise by use of
> AOO-provided binaries (or source) in a manner where essential claims
> of some patent are infringed, and they also need to read the
> Disclaimer in the License?

??? not sure what you think is needed in this respect. These situations
arise on a regular basis by the way. We've tried to cover some of this
in the distribution page and in our download page...but maybe both of
these areas need more visibility.

> 
> -- Dennis E. Hamilton orc...@apache.org dennis.hamil...@acm.org
> +1-206-779-9430 https://keybase.io/orcmid  PGP F96E 89FF D456 628A 
> X.509 certs used and requested for signed e-mail
> 
> PS: I had occasion to say elsewhere that users should not be
> addressed in order to co-opt them as cannon fodder in someone else's
> war.  That is usually not helpful, especially considering where most
> of our users are operating.  For me, we show the value to users of
> relying on Apache OpenOffice by demonstrating our care for them,
> whatever they are up to, and how that care is embodied in the
> distributions that are provided.  What matters is our good work.
> Part of our care is operating as an ASF Project and providing
> open-source licensing and development.  I assert that it is the
> carefulness and good will, and how breakdowns are dealt with, that
> h

Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Louis Suárez-Potts

> On 30-01-2015, at 15:36, Dennis E. Hamilton  wrote:
> 
> Pedro and Jürgen,
> 
> It is important to be concerned about false contrasts and comparisons.

+1 
> 
> 

snip


> 
> It is more important, to me, that there be clarity about what the AOO 
> licensing conditions are and how easy they are to satisfy at essentially no 
> cost.  Comparative cost-benefit is much larger than that single factor. AOO 
> site and resources could be more helpful in determining how to migrate 
> successfully, though.  That's something where we have an opportunity to act 
> as a contribution to the public interest.

Agreed.

> 
> The business about copy-left versus permissive licenses is evidently what 
> attracted the attention of the legal-discuss list here at the ASF.  I had not 
> known what the actual discussion was at 
> <http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201501.mbox/browser>.
>  The conclusion later in that thread led to the footnote on the current 
> version of the page at <http://www.openoffice.org/why/why_compliance.html>.  
> (Another list I need to re-subscribe to.)  A still unanswered question from 
> the list is about whose voice this statement is made in.  The footnote says 
> it is not the voice of the ASF.

You seem to be disingenuous here, Dennis :-) Seems evident to me that speaking 
voice is AOO’s, not Apache’s. Which raises the question, how much rope does an 
Apache project have in attitudinal and tonal if not legal issues? Presumably, 
from the reaction so far witnessed, when the tone could affect business 
operations.
> 
> It is a matter of firm policy that the ASF does not have anything to say 
> about other (open-source) licenses except with regard to how they are 
> honored, where accepted, in ASF Apache Projects.  The only ASF compliance 
> concern is with the Apache License version 2.0 and the ASF conditions on how 
> the releases and distributions produced by Apache projects honor all 
> governing licenses.  That is more appropriately presented in material 
> addressed to ASF Project developers and potential contributors.  The only 
> advice to adapters of software from ASF Projects is that it is important to 
> observe the licenses that apply.  And that interested parties should look 
> elsewhere for legal advice and assurances.


Okay—this is more or less what I hinted at, anyway. Out of curiosity, do we 
know why Bradley has taken to finding us so objectionable? I know he finds the 
ICLA, any CLA, a foul bargain for the contributor, and that BSD-style licenses 
reek of sulfur and cloak the corruption of freedom’s community with false gold. 
Or something like that. I’m as opposed to neoliberalism and love a David 
Graeber-style anarchism as the next hyper-educated guy, but I even more like 
practical solutions, i.e., those that work in the world. I also like Bradley, 
insofar as I have spoken to him in narrow circumstances, but would be curious 
if he’s also railed against, say, Mozilla, or Ubuntu, or any other slightly 
fallen angel.

> 
> -Original Message-
> From: Pedro Giffuni [mailto:p...@apache.org] 
> Sent: Friday, January 30, 2015 09:03
> To: OOo Apache
> Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"
> 
> [ ... ]
> 
> I actually don't care about the discussion: I think both permissive
> and copyleft licenses have their advantages and disadvantages for
> certain groups. IANAL and I am in the group that doesn't read
> licenses anyways :).
> 
> I honestly don't think having a "compliance costs" page will make
> a difference but if it saves some (few) people from learning such
> things through a legal process, I guess that can't do any harm.
> 
> Regards,
> 
> Pedro.
> 
> [1] http://ebb.org/bkuhn/blog/2011/06/01/open-office.html
> [2] https://www.youtube.com/watch?v=-ItFjEG3LaA
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org
> 
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
> For additional commands, e-mail: dev-h...@openoffice.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Pedro Giffuni

(re sending through the Apache relay this time ..)

Hi Dennis;

There is never actually such thing as "the voice of the project". We have
our reasons for choosing a license and it's healthful to explain it's
advantages but, at least in the US, in order to give legal advice you
have to be a lawyer so it's understandable that the ASF has to step
and clarify that opinions are not legal advice in any form.

This said, the project is sufficiently open that you do not need to ask to
this list who wrote the page or who is the target audience: you can look
up the commit history and you will notice that it has only been touched
by ASF members (and PMC members). I would expect the PMC has
consensus (even if lazy) on that.

Now as a side note, and just IMHO, both candidates for AOO chair fail
to fulfill what I consider a fundamental requisite for being the next PMC
chair: someone wanting to be the PMC chair should already be in the PMC.

According to [1]
"The*/Chair/*of a Project Management Committee (PMC) is appointed by the 
Board
 from thePMC Members 
."


Yes, I know the PMC can do workarounds and bring someone new to the
PMC but *hey* ... people in the PMC have responsibilities: you guys 
shouldn't

lay those on people external to the PMC that are not up to date with what is
going on within the PMC *today*.

I would also expect that candidates that run for PMC chair will be 
willing to

serve in the PMC and support whomever is elected from within the PMC or
else this process doesn't really make sense (again just IMHO).

Pedro.

[1] http://www.apache.org/foundation/how-it-works.html#management


RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Dennis E. Hamilton
Louis,

A PS.

There was also something on the legal-discuss list about correcting a slide 
deck. I have no idea what that was.

An afterthought.

It struck me, thinking about this some more, that the position of the ASF 
around conduct in the public interest, including making open-source software 
that is freely available to the public, can be seen in the license.  The 
license is a permissive one.  Not only is the software free to use, but there 
is no prohibition against employment in closed source works.  Similarly, there 
is no prohibition against employment in copy-left works.  The license rules are 
the same for everybody and my impression is that AL version 2 even exists was 
to make copy-left use more satisfactory to the FSF.  

There is not only no discrimination against forms of use, there is no 
discrimination against development and commercial models, within the broad 
provisions and simple requirements of the ALv2.  Resolution of how open-source 
plays out in that broad world is left to other forces and factions.  The ASF is 
clear where it stands and how it is not a partisan any further than that.  
That's how I see it.

I am certain that there are participants on Apache Projects that do not share 
that broad view.  And some of the constraints on ASF Projects do not apply to 
projects elsewhere, even when the Apache License is used.  

 - Dennis

-Original Message-
From: Dennis E. Hamilton [mailto:orc...@apache.org] 
Sent: Friday, January 30, 2015 14:06
To: dev@openoffice.apache.org
Subject: RE: [DISCUSS] Inappropriate "Compliance Costs"

Louis, 

Summarizing on top,

I didn't check the recent video from Bradley Kuhn.  I think the objection is to 
the characterization of copy-left and conflation with the "cost of compliance" 
for commercial, closed-source software, and comparing with ALv2 in that regard. 
At least that is what I got in a quick scan of the legal-discuss @a.o list.

On legal-discuss it was asked whether the web page was with the voice of the 
PMC or of an individual.  I'm not sure there was a satisfactory answer.  
Apparently the primary concern has been addressed with the footnote.  I think 
the concern of ASF officials is that the only constituted entity here is the 
Foundation.  I am not certain why it is about the PMC, and it is fair to ask 
where AOO is of one voice.  I wasn't thinking very hard about any of that.

I don't think there was anything about CLAs, at least not on the legal-discuss 
thread.

I don't follow the remark about "when the tone could affect business 
operations."  Sorry.

 - Dennis

-Original Message-
From: Louis Suárez-Potts [mailto:lui...@gmail.com] 
Sent: Friday, January 30, 2015 13:30
To: dev@openoffice.apache.org; Dennis E. Hamilton
Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"


> On 30-01-2015, at 15:36, Dennis E. Hamilton  wrote:
[ ... ]

You seem to be disingenuous here, Dennis :-) Seems evident to me that speaking 
voice is AOO’s, not Apache’s. Which raises the question, how much rope does an 
Apache project have in attitudinal and tonal if not legal issues? Presumably, 
from the reaction so far witnessed, when the tone could affect business 
operations.
[ ... ]


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Pedro Giffuni

Hi Dennis;

There is never actually such thing as "the voice of the project". We have
our reasons for choosing a license and it's healthful to explain it's
advantages but, at least in the US, in order to give legal advice you
have to be a lawyer so it's understandable that the ASF has to step
and clarify that opnions are not legal advice in any form.

This said, the project is sufficiently open that you do not need to ask to
this list who wrote the page or who is the target audience: you can look
up the commit history and you will notice that it has only been touched
by ASF members (and PMC members). I would expect the PMC has
consensus (even if lazy) on that.

Now as a side note, and just IMHO, both candidates for AOO chair fail
to fulfill what I consider a fundamental requisite for being the next PMC
chair: someone wanting to be the PMC chair should  already be in the PMC.

According to [1]
"The*/Chair/*of a Project Management Committee (PMC) is appointed by the 
Board
 from thePMC Members 
."


Yes, I know the PMC can do workarounds and bring someone new to the PMC
but *hey* ... people in the PMC have responsablities: you guys shouldn't lay
those on people external to the PMC that are not up to date with what is 
going

on within the PMC *today*.

I would also expect that candidates that run for PMC chair will be 
willing to

serve in the PMC and support whomever is elected from within the PMC or
else this process doesn't really make sense (again just IMHO).

Pedro.

[1] http://www.apache.org/foundation/how-it-works.html#management


RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Dennis E. Hamilton
Louis, 

Summarizing on top,

I didn't check the recent video from Bradley Kuhn.  I think the objection is to 
the characterization of copy-left and conflation with the "cost of compliance" 
for commercial, closed-source software, and comparing with ALv2 in that regard. 
At least that is what I got in a quick scan of the legal-discuss @a.o list.

On legal-discuss it was asked whether the web page was with the voice of the 
PMC or of an individual.  I'm not sure there was a satisfactory answer.  
Apparently the primary concern has been addressed with the footnote.  I think 
the concern of ASF officials is that the only constituted entity here is the 
Foundation.  I am not certain why it is about the PMC, and it is fair to ask 
where AOO is of one voice.  I wasn't thinking very hard about any of that.

I don't think there was anything about CLAs, at least not on the legal-discuss 
thread.

I don't follow the remark about "when the tone could affect business 
operations."  Sorry.

 - Dennis

-Original Message-
From: Louis Suárez-Potts [mailto:lui...@gmail.com] 
Sent: Friday, January 30, 2015 13:30
To: dev@openoffice.apache.org; Dennis E. Hamilton
Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"


> On 30-01-2015, at 15:36, Dennis E. Hamilton  wrote:
[ ... ]

You seem to be disingenuous here, Dennis :-) Seems evident to me that speaking 
voice is AOO’s, not Apache’s. Which raises the question, how much rope does an 
Apache project have in attitudinal and tonal if not legal issues? Presumably, 
from the reaction so far witnessed, when the tone could affect business 
operations.
[ ... ]


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Dennis E. Hamilton
Pedro and Jürgen,

It is important to be concerned about false contrasts and comparisons.

There is a risk, when we are essentially preaching to the choir, that we sink 
into some sort of fundamentalist hyperbole as well.  It is satisfying, it is 
credible to us, and it can be a mistake.  Facts are more nuanced than 
portrayed.  It is also unnecessary for the voice of the project to be taken 
there.  There are many places where such matters can be discussed without 
embroiling the project. 

A company is certainly not going to learn about the risks of running pirated 
software here first.  I don't want to get into fine points of how the BSA 
operates.  Anyone can research the rewards for whistle-blowers on settlement 
without lawsuits at 
<https://reporting.bsa.org/r/report/usa/rewardsconditions.aspx>.  My main point 
is that an AOO stance is insignificant and not informative to someone for whom 
license management is a serious concern.  Also, the BSA does not pursue 
individuals using software separate from and outside of their employment.  

It is more important, to me, that there be clarity about what the AOO licensing 
conditions are and how easy they are to satisfy at essentially no cost.  
Comparative cost-benefit is much larger than that single factor.  AOO site and 
resources could be more helpful in determining how to migrate successfully, 
though.  That's something where we have an opportunity to act as a contribution 
to the public interest.

The business about copy-left versus permissive licenses is evidently what 
attracted the attention of the legal-discuss list here at the ASF.  I had not 
known what the actual discussion was at 
<http://mail-archives.apache.org/mod_mbox/www-legal-discuss/201501.mbox/browser>.
 The conclusion later in that thread led to the footnote on the current version 
of the page at <http://www.openoffice.org/why/why_compliance.html>.  (Another 
list I need to re-subscribe to.)  A still unanswered question from the list is 
about whose voice this statement is made in.  The footnote says it is not the 
voice of the ASF.

It is a matter of firm policy that the ASF does not have anything to say about 
other (open-source) licenses except with regard to how they are honored, where 
accepted, in ASF Apache Projects.  The only ASF compliance concern is with the 
Apache License version 2.0 and the ASF conditions on how the releases and 
distributions produced by Apache projects honor all governing licenses.  That 
is more appropriately presented in material addressed to ASF Project developers 
and potential contributors.  The only advice to adapters of software from ASF 
Projects is that it is important to observe the licenses that apply.  And that 
interested parties should look elsewhere for legal advice and assurances.

 - Dennis

PS: Other circumstances had me learn, recently, that the reason the Chair of 
the PMC is an Officer of the Foundation is for important legal purposes with 
regard to the nature of the Foundation and the umbrella it creates for projects 
under its auspices.  Some of the legal considerations and their honoring are 
viewed as extending to the PMC as well and the Chair is accountable to the 
Foundation for that.  The PMC, in addition to its attention on the direction of 
the project is also governed by some legal requirements.  I know that's pretty 
abstract, it is for me too.  I expect that Chairs get on-the-job training in 
such matters.  I surmise that the charge to operate in the public interest and 
within the parameters the Foundation has defined for fulfilling on that is 
paramount.


-Original Message-
From: Pedro Giffuni [mailto:p...@apache.org] 
Sent: Friday, January 30, 2015 09:03
To: OOo Apache
Subject: Re: [DISCUSS] Inappropriate "Compliance Costs"

[ ... ]

I actually don't care about the discussion: I think both permissive
and copyleft licenses have their advantages and disadvantages for
certain groups. IANAL and I am in the group that doesn't read
licenses anyways :).

I honestly don't think having a "compliance costs" page will make
a difference but if it saves some (few) people from learning such
things through a legal process, I guess that can't do any harm.

Regards,

Pedro.

[1] http://ebb.org/bkuhn/blog/2011/06/01/open-office.html
[2] https://www.youtube.com/watch?v=-ItFjEG3LaA

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Pedro Giffuni

Just my $0.02,

Actually the page makes sense. What is happening is that a group
of "free software" advocates see the advantages of permissive
licenses, and particularly the success of the ASF, as a threat to
their business.

Bradly Kuhn in particular has always been aggressive towards
OpenOfficeas an Apache Project[1] and seems to want to take
it against the ASF[2] lately.

I actually don't care about the discussion: I think both permissive
and copyleft licenses have their advantages and disadvantages for
certain groups. IANAL and I am in the group that doesn't read
licenses anyways :).

I honestly don't think having a "compliance costs" page will make
a difference but if it saves some (few) people from learning such
things through a legal process, I guess that can't do any harm.

Regards,

Pedro.

[1] http://ebb.org/bkuhn/blog/2011/06/01/open-office.html
[2] https://www.youtube.com/watch?v=-ItFjEG3LaA

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-30 Thread Jürgen Schmidt
On 29/01/15 19:19, Dennis E. Hamilton wrote:
> I didn't even know about this page, 
> , until I saw an update on 
> the Apache ooo-site SVN yesterday.  I glanced at it and didn't think much 
> about it.
> 
> Today, Simon Phipps has pointed out how strange that page is.  I agree.  If 
> you stand back and look at the question from the perspective of someone 
> interested in adopting Apache OpenOffice in use, this page is not helpful.  
> Something, if anything, more straightforward and pertinent is called for, 
> based on what it is within our power to provide.  I am grateful to Simon for 
> pointing out how over-reaching this page is.
> 
> The current page speaks to matters that are none of our business as an Apache 
> Project and it somehow raises a matter of specialized interest as if it 
> matters broadly to adopters of software of various kinds.  The footnote that 
> the ASF does not have such positions should have alerted me farther.
> 
> I have only returned to the dev list for a few months, and I don't recall any 
> discussion about that page and the posture it presents in that period.
> 

I still don't see the problem with this page and I think it gives some
interesting information for people who are not so familiar with open
source software and the different open source licenses.

It can be seen as background information.

In the context of the "why" page it is dos no harm and just provides
some more information that I find interesting, informative and worse
reading.

If we remove or change this page I believe that simply play the gm of
other people and do what they want. I can imagine that some some people
don't like it but this doesn't change the facts that are listed here.

We have much more important things to do in the project than this and I
hope we can and will concentrate on these important things.

Juergen


> SUGGESTION
> 
>  1. Remove the page altogether.
> 
>  2. Alternatively, perhaps make an affirmative page, if not already 
> adequately covered, about the safe use of the Apache OpenOffice binaries that 
> the project makes available.  
> 
> 2.1 That there is no requirement for licensing or registration, and that 
> there are no limitations on the redistribution or use of the binaries 
> (perhaps point to the Open Source Definition for more about that if anyone is 
> interested).  This is a question that comes up from time to time and it would 
> be good to have that answered (if not already -- I am not looking around, but 
> I will).  I suppose this could be why_adopt or why_use.  It should also be 
> respectful of the broad community of open-source contributions in this space. 
>  (I am making up why_mumble names just to give the idea of the orientation.)
> 
> 2.2 Also point out that, as is the case for open-source software, the 
> source code is always available from the Project.  That source code is 
> available for modification, adaptation, and creating of anyone's own binary 
> distributions so long as the applicable open-source licenses are honored.  
> This should be simple and perhaps link to a why_develop page.  
> 
> 2.3 The conditions, if any, that might face developers of extensions of 
> various kinds to be used with the AOO binaries might also be mentioned, but 
> just mentioned, and addressed with why_develop and any deep-dive details from 
> there.
> 
> This should all be done as an affirmation of how AOO is an open-source 
> project and what is provided by the project.  It is not ours to explain or 
> describe anecdotally or otherwise the circumstances that that can arise in 
> accord with different licensing models.  
> 
> Otherwise, wouldn't we owe it to our users to explain that we provide no 
> indemnification for patent violations that can arise by use of AOO-provided 
> binaries (or source) in a manner where essential claims of some patent are 
> infringed, and they also need to read the Disclaimer in the License?
> 
>  -- Dennis E. Hamilton
> orc...@apache.org
> dennis.hamil...@acm.org+1-206-779-9430
> https://keybase.io/orcmid  PGP F96E 89FF D456 628A
> X.509 certs used and requested for signed e-mail
> 
> PS: I had occasion to say elsewhere that users should not be addressed in 
> order to co-opt them as cannon fodder in someone else's war.  That is usually 
> not helpful, especially considering where most of our users are operating.  
> For me, we show the value to users of relying on Apache OpenOffice by 
> demonstrating our care for them, whatever they are up to, and how that care 
> is embodied in the distributions that are provided.  What matters is our good 
> work.  Part of our care is operating as an ASF Project and providing 
> open-source licensing and development.  I assert that it is the carefulness 
> and good will, and how breakdowns are dealt with, that has AOO be trustworthy 
> and maybe has the project be seen as exemplary of open-source goodness.
> 
> 
> 
> 

Re: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-29 Thread jonathon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 29/01/15 18:19, Dennis E. Hamilton wrote:

>The current page speaks to matters that are none of our business as an
Apache Project and it somehow raises a matter of specialized interest as
if it matters broadly to adopters of software of various kinds.

This is one of six or so CYA pages on the OpenOffice site.

The major reason for their existence, is to point ambulance chasers at,
when they are convinced that their client is utterly blameless in the
reported PICNIC.

It would be more appropriate for those CYA pages to be part of the The
Apache Software Foundation's official pages, than those of specific
projects, but, until the board decides that officially sanctioned pages
are needed, then individual projects need to address those issues.

They obviously need to rewritten, to be sound less alarming, and
pointless to people who understand neither their significance, nor
raison d'être.

This specific page is relevant to a broad swatch on potential adopters,
because it outlines, albeit using FUD-orientated scenarios, potential
outcomes of the various types of licenses, if they are not adhered to.

One of the other CYA pages addresses a very specific scenario, that is
extremely uncommon, but nonetheless emphasizes the importance of doing
due diligence on all of the software the organization uses.
(I don't remember the URL, and neither Baidu nor DDG seem to list it.)

jonathon
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJUyrCEAAoJEKG7hs8nSMR7obwQAIWL+DupZjx8mXXyKQgkV1Jx
sV47TE68LIEEglupxZCOY8hukdSu+Gzu8a5+j1XksvaLesREngHb5hZ/Who5nea8
qNXHRbdVq0jFp0iI0UIuM0vpG8DNbhzHcjeLaANMoUUuFvZQqjyjTb6Xc5vfMqCB
mTh8xOiXJ0C7BZpcq7scEGaib9dg0W+Vfa//U00Fpd9HCSVa3D2lxph3EWX9n9Hu
rulATvA5sBNvYPrLTOEPHLXH5Kp2rksH9sOBroPl+Zj4THS7fSm7todNIXpX2azQ
YjafLqZoZINBcNmOownIfkifNo4G7bLYQ8Y7C3VNis3nTD7bB6LWilNBv04ohzhk
3Bcp9l4C0AUbXaX33QQYpmBweqINl3MmylM7XRC1Nye7ew1eEe5I/S5AiUO1XTi2
ZUE/hoewQ9Cq07DWPbzmsFEnC7IMoKcL0Fd4afn3+lM6l7d7Sqd3bE3kx9hwWj4B
xhAdpmDlkiexzhG1AuNsq9B2tU7tUEu+WEWiOtJH4WaNqQOJdX4qX9wCVSWXSsLi
7OBL0tJreVbFDaYQHjzNnLO5r7cjOkuWoPDOCKX3jR3nzoC0Fg0jydStkoWAaWIq
FHTyzJuI4Xz7jXvtDHbRW0FhWI/zYVkQUltl2RBzC5DFKFM5Mm91MPoE3qzG26dw
tBz3syg4B4T/UEOn8H0x
=lwio
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



RE: [DISCUSS] Inappropriate "Compliance Costs"

2015-01-29 Thread Dennis E. Hamilton
I did look around some more.

The page in question is only listed from the sidebar of the "why" section, 
under "More Reasons," .  I think that is a far 
stretch from reasons AOO is valuable to use and I remain concerned about that 
(and whatever all of the localizations say).

The Office 2013 end-of-life statement is now dated, April 2014 now being behind 
us.  That page suggests an opportunity, that's fine.  It talks about migration, 
and that's important.  It's a good place to link to something about what 
questions to have answered in having migration work; that doesn't have to be 
there.  There are some places on the New Computers and on the ODF page that 
could be updated and I do worry about giving the impression that 
interoperability is seamless in what is not said. 

Those matters are different than the concerns that arise over "Compliant 
Costs."  

-Original Message-
From: Dennis E. Hamilton [mailto:orc...@apache.org] 
Sent: Thursday, January 29, 2015 10:20
To: dev@openoffice.apache.org
Subject: [DISCUSS] Inappropriate "Compliance Costs"

I didn't even know about this page, 
, until I saw an update on 
the Apache ooo-site SVN yesterday.  I glanced at it and didn't think much about 
it.

Today, Simon Phipps has pointed out how strange that page is.  I agree.  If you 
stand back and look at the question from the perspective of someone interested 
in adopting Apache OpenOffice in use, this page is not helpful.  Something, if 
anything, more straightforward and pertinent is called for, based on what it is 
within our power to provide.  I am grateful to Simon for pointing out how 
over-reaching this page is.

[ ... ]


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org